Multiple Calls/Requests into a Single API

I am in need of some assistance or guidance. I am trying to integrate with CA Single Sign-On (Siteminder) in terms of just making REST API calls to the SSO API endpoints. I am trying to work within the API Gateway to do all of this and make testing/template policies for future use cases.

I want to build out a policy that allows me to make multiple calls/requests in a single API. How would that be done??

If I am trying to hit a testing SSO endpoint - it requires me to have a JWT or Bearer Token. I can hit the endpoint URL directly or even if I set a Routing assertion with that endpoint inside my Gateway/policy. I do most of my testing on Postman. The result should show me all the say if I set the URI to list all the SmDomains on our testing Policy Server.

I just was asking in terms of does anyone know of a "basic and easy" way to where I make a REST call and receive the sessionkey/token and use that token to make another call to that same endpoint URL but with different URI/parameter??

GET https:<gateway:port>/ca/api/sso/services/policy/v1/SmDomains

(I set the Authorization header as Bearer Token and pasted the token -- ran the request and it displays the information I need; I am just trying to replicate this process in my Gateway as a single request instead of separate, individual requests, etc.)

I have tried following the instructions from this link, "I'm trying to request a token in the first call and pass it to second call", but I do not know how to set up the "Evaluate JSON Path Expression Assertion with the response from the first call as input" in step 1. I have also tried step B in changing the header value within the Routing properties, but I am not sure if that should be done on the first Routing assertion or if I should make another Routing assertion with those configurations?

If anyone can assist me on this process, it would be greatly appreciated!

Here in the HTTP route properties we can capture the response in the Response Destination field. Simply enter a name and the variable will be created if it does not exist. So if this endpoint returns the JSON in my example above, it will be put into the variable tokenResponse.

Line 4: We use an Evaluate JSON Path Expression to get just what we need from the JSON.

For my example we just want the value in "access_token", so a simple expression is .access_token

To make sure this acts against the variable (tokenResponse) we got from the route assertion, simply right click on the Evaluate JSON path and click on 'Select Target message'. You can now set this to the variable.

Line 5: Route to the destination that requires the token

Here we can include the header with the new variable we got from the JSON path expression.
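The same three steps (capture the first response, pull out access_token, send it as a Bearer header on the second route) as a runnable sketch. This is an added example, not part of the original post and not Gateway policy code; the local stub server, its /token and /SmDomains paths, the credentials and the token value are all constructed for illustration.

```python
import base64, json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-sample-token"  # constructed value, not a real session key
BASIC = "Basic " + base64.b64encode(b"admin:secret").decode()  # constructed credentials
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass any proxy

class Stub(BaseHTTPRequestHandler):
    """Local stand-in for the token and policy endpoints (hypothetical paths)."""
    def do_GET(self):
        auth = self.headers.get("Authorization", "")
        if self.path == "/token" and auth == BASIC:
            self._send(200, {"access_token": TOKEN})
        elif self.path == "/SmDomains" and auth == "Bearer " + TOKEN:
            self._send(200, {"domains": ["DomainA"]})
        else:
            self._send(401, {"error": "unauthorized"})
    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args):  # do not write request lines to the console
        pass

def call(url, authorization):
    req = urllib.request.Request(url, headers={"Authorization": authorization})
    with OPENER.open(req, timeout=5) as resp:
        return json.loads(resp.read())

def chained_request(base):
    token_response = call(base + "/token", BASIC)  # first route, response kept in a variable
    token = token_response.get("access_token")     # the ".access_token" extraction step
    if not isinstance(token, str) or not token:    # fail here rather than send "Bearer None"
        raise ValueError("token response has no access_token")
    return call(base + "/SmDomains", "Bearer " + token)  # second route with the new header

def demo():
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return chained_request("http://127.0.0.1:%d" % server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The explicit check on the extracted value matters in the policy as well: if the extraction yields nothing, the second route goes out with an empty or literal placeholder in the Authorization header and the back end answers with an authentication error.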

I have successfully followed your instructions from your post above of step-by-step on what to do. Does this look correct?

However, when I run a request on Postman of my custom resolution path with that policy - this is the response that I receive:

I do not know if this is an issue pertaining to my Gateway in terms of Authentication/Authorization or if it is on the Siteminder/SSO server side. I don't know if it's not utilizing the token? Or if I need to provide the user/pass credentials again somehow? Etc.

Again, on Postman as long as I have the routing endpoint, encoded the user and password into a string as my Basic authentication and ran the request with the administrative token API; I would receive that session key. I'd copy and paste the session key as a Bearer Token authorization method on Postman with a Core Policy API endpoint and I would receive the information needed.

Please let me know what you think based off the information I've provided.